WhatsApp Users Beware! Easily Available 'Stalkerware' Apps Can Track Your Behaviour
Facebook-owned instant messaging platform WhatsApp is specially focused on users' privacy and safety. The company has, time and again, also held firm on keeping its encryption intact, despite pressure from governments. However, there are certain apps that can still track WhatsApp user data by using rather simple methods that don't need to break into WhatsApp's safety structure. A recent report in Business Insider finds that there are apps easily available for free on Google Play Store and Apple App Store that can track a user's activity on WhatsApp like who they're talking to, when they're sleeping, and when they're using WhatsApp on their phone.
'Stalkerware' Apps Available on Google Play Store and Apple Apps Store
According to the report, these 'stalkerware' apps use the online signaling feature in WhatsApp that shows when a user is online. Now, it might seem like an insignificant piece of information, but the Business Insider report says that harvesting this data for days and weeks allows these outside apps to aggregate and build detailed profiles of WhatsApp users' activity and interactions. This vulnerability, however, can not bypass WhatsApp's encryption and doesn't reveal the content of WhatsApp users' messages.
These apps resemble a less severe version of 'stalkerware,' a term coined after widespread use of commercial spyware. A senior security researcher at the Electronic Frontier Foundarion (EFF) says that he can not think of a single good, legitimate use of these WhatsApp-tracking apps. Dozens of these apps have been found on both Google's Play Store and Apple's App Store.
How Do These Apps Work
These apps advertise themselves to potential customers as "helping them determine when other people are sleeping, when they're using WhatsApp, and even who they're talking to on the app." According to the report, they track who is talking to whom by simply comparing multiple people's activity logs and see which ones match up. The user of a tracking app enters the phone number of the person they want to track, and the app then constantly checks to see if the target is "online" or not, creating a record of their activity. This data can then be displayed visually, allowing the user to monitor their target's online habits, including the times they use their device regularly, and when they're sleeping, over a period of days and weeks.
The report said that the apps at times market themselves as helpful tools for parents to keep a tab on their children, while other times they are explicit about snooping. These spyware apps are usually free to download, and some are reported to have millions of downloads on Google Play Store. However, they mostly offer restricted functionality until the user makes in-app purchases.
Apps Still Alive Despite Facebook's Anti-Abuse System
WhatsApp, in its statement, said that the app provides privacy controls to users to protect their profile photo, 'last seen', and about status. "We maintain automated anti-abuse systems that identify and prevent abuse by apps that attempt to detect information from WhatsApp users," it was quoted by Business Insider as saying. The company told Business Insider that these apps violate its terms of service. It also said that WhatsApp's anti-abuse system detects such apps and has blocked similar apps in the past. WhatsApp also requested app stores to remove apps that about its platform and violates its terms.
There is no foolproof way for ordinary WhatsApp users to avoid being tracked as WhatsApp doesn't allow users to turn off the 'online' feature. However, such apps are very much in use and very easily available on any app store despite Facebook's efforts. Business Insider tried to get in touch with the developers of these apps. None of them were available for comment.
Google had recently put a ban on stalkerware apps that do not include "adequate notice or consent" and show a "persistent notification" that the user's actions are being tracked by the app. It also took down a few apps after the Business Insider report.